Security News

Google is testing a new Chrome feature that allows users to add notes on passwords saved in the web browser. The new feature was spotted by a Reddit user on Google Chrome Canary, which is an experimental future version three releases away from the stable branch, currently at version 98.

An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned. The malware is also a flexible, modular banking trojan, which has code overlaps and other ties to the Alien malware - hence the name.

A new Android banking trojan with over 50,000 installations has been observed distributed via the official Google Play Store with the goal of targeting 56 European banks and carrying out harvesting sensitive information from compromised devices. Xenomorph, like Alien and ERMAC, is yet another example of an Android banking trojan that's focused on circumventing Google Play Store's security protections by masquerading as productivity apps such as "Fast Cleaner" to trick unaware victims into installing the malware.

DS Store' files generated by macOS file systems as a violation of its copyright infringement policy. DS Store" file on their Google Drive being flagged for violating Google's 'Copyright Infringement' policy.

Google on Wednesday announced plans to bring its Privacy Sandbox initiatives to Android in a bid to expand its privacy-focused, but also less disruptive, advertising technology beyond the desktop web. "The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk," Anthony Chavez, vice president of product management for Android security and privacy, said.

Google plans to extend its rework of web ad technology - the optimistically named Privacy Sandbox - to Android devices in an effort to limit the misuse of data in its mobile ecosystem. It began to take shape a year after Google undertook Project Strobe, a rethink of Google Account and Android data access in the wake of ongoing security and privacy problems.

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. "We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.

In the past few days, both Apple and Adobe have published software updates to close off zero-day security holes that were already being exploited by attackers. In other words, now matter how quickly you update against a zero-day once the patch is announced, you know that someone - and you have to hope that it wasn't you! - has already been attacked and pwned, even if they're accustomed to patching promptly themselves.

Google has released Chrome 98.0.4758.102 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability used by threat actors in attacks. It is possible to install the update immediately simply by going into the Chrome menu > Help > About Google Chrome.

The bug hunters at Google's Project Zero team have released their latest time-to-fix data and Linux is smashing the opposition. Between 2019 and 2021 open-source developers fixed Linux issues in an average of 25 days, compared to 83 for Microsoft and Oracle pulling last place at 109 days, albeit from a very low number of cases.